Using Windows Defender Application Control to block malicious applications and drivers



Ideally, we would lock down our operating systems to allow only those applications we want to have running. For many companies, however, investigating what software is running in their networks takes resources and research that they often don’t have.

A tool built into Windows can provide better control over what runs on your system. Windows Defender Application Control (WDAC), also referred to as Microsoft Defender Application Control (MDAC), was introduced with Windows 10 and allows you to control drivers and applications on your Windows clients. Some WDAC capabilities are available only on specific Windows versions. Cmdlets are available on all SKUs since 1909. An older Microsoft whitelisting technology, AppLocker, is no longer being developed and will receive security fixes but no new features.

You can use Group Policy or cloud services such as Intune to set the policies. While it may be overwhelming to limit applications allowed to run on an operating system given the needs of the business, it probably is not an issue to set a policy to limit what drivers are allowed to run on a system.
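
A driver-only policy of the kind described above can be built with the WDAC cmdlets and tested in audit mode before it is enforced. This is an added example, not taken from the original article; the file paths, the scan directory and the rule levels chosen are assumptions.

```powershell
# Added example; paths are assumptions. Run in an elevated PowerShell session
# on a clean reference machine that has the drivers you intend to allow.
$policyXml = 'C:\WDAC\DriverPolicy.xml'   # assumed working path
$policyBin = 'C:\WDAC\DriverPolicy.bin'   # assumed output path
New-Item -ItemType Directory -Path (Split-Path $policyXml) -Force | Out-Null

# Without -UserPEs the scan covers kernel-mode drivers only, so the policy
# restricts drivers and leaves user-mode applications out of scope.
# Drivers stored outside the scanned directory will not get rules; the audit
# events below show what was missed.
New-CIPolicy -FilePath $policyXml -ScanPath 'C:\Windows\System32\drivers' `
    -Level WHQLFilePublisher -Fallback Publisher, Hash

# Option 3 is "Enabled:Audit Mode": violations are logged, nothing is blocked.
Set-RuleOption -FilePath $policyXml -Option 3

# Compile to the binary form that Group Policy or Intune distributes.
ConvertFrom-CIPolicy -XmlFilePath $policyXml -BinaryFilePath $policyBin

# After deployment and a reboot, list drivers the policy would have blocked
# (event ID 3076 in the Code Integrity operational log).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# Once the audit log is clean, remove audit mode to enforce, then recompile.
# Set-RuleOption -FilePath $policyXml -Option 3 -Delete
# ConvertFrom-CIPolicy -XmlFilePath $policyXml -BinaryFilePath $policyBin
```

Keeping the policy in audit mode until the 3076 events stop appearing avoids blocking a boot-critical driver that the reference scan missed.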
